Directory traversal vulnerability in download.php in the Zip Attachments plugin prior to 1.5.1 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the za_file parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zip attachments project zip attachments |